59 matches found
'self' xss reported in a question's moderate
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47423. panel We have received an external report of a dom xss in the moderation code for a question on answers.atlassian.com...
Convert the SecurityHeadersInterceptor into a filter that applies to /*
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-30356. panel The X-XSS-Protection HTTP header should be sent on all responses with a value of "1; mode=block". As the current...
XSS in doconfigurerssfeed.action
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-30240. panel Filed by vosipov on behalf of write.muhammadwaqar. code...
XSS Vulnerability in About Me field
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46695. panel Steps to reproduce: In id.atlassian.com, add to your About me: code console.log' +++++ Hi Dennis ++++++'; code Sav...
XSS vulnerabilities in Atlassian Answers
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47042. panel Some users seem to try XSS attack on Atlassian Answers. How to replicate is the following steps. Go to the top pag...
GeneralUtil.escapeForHtmlAttribute does not completely escape the given input for use in an html attribute context
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-29826. panel GeneralUtil.escapeForHtmlAttribute only escapes " and it does not escape ' . Furthermore, the method does not html...
Allow cookie-less instance for security reasons
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...
SPAM via Answer
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47171. panel I have received an email notification containing a link as an aswer one of my questions. It turns out that a spam....
Restrict access to personal pages and directory
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-28592. panel We need to restrict access to personal pages and the directory. At present, there doesn't seem to be any way to do...
Activity stream not respecting parent page restrictions
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-28543. panel The Confluence Activity stream will display all pages that the user has access to according to the restrictions...
Default application configuration files are available for download
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-27693. panel h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under...
Arbitrary resource file download in urlrewrite.xml
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-26888. panel There is an arbitrary resource file download vulnerability triggered by a third party library...
Group Picker Should Not Listed All Groups
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26600. panel Confluence will display all groups registered on it when users access any group picker and put value as its search...
Inherit Edit Restrictions for Child Pages
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-26446. panel As it said in Documentation for Page Restrictions|https://confluence.atlassian.com/display/DOC/Page+Restrictions:...
Persistent xss flaw in the revision history (of comments).
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47387. panel Whilst a comment is html encoded /sanitized when displayed within an answer to a question the revision history pag...
ldap injection in the custom atlassian authentication code
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47275. panel The custom atlassian ldap authentication code is vulnerable to ldap injection. The method which is vulnerable to...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...
ValidationHash generation should use random.SystemRandom instead of random class
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-47146. panel ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a rando...
ValidationHash generation should use random.SystemRandom instead of random class
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-47146. panel ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a rand...
Confluence Page View Restriction is not Inherited when Ancestor CONFANCESTORS Table Gets out of Sync
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-25189. panel When Confluence ancestor CONFANCESTORS table gets out of sync or corrupted. Page View restriction are not inherite...